General

  • Target

    Req for Quotation.exe

  • Size

    868KB

  • Sample

    210427-261z2dhahx

  • MD5

    4049bc3e3be642bba332434b80911b4e

  • SHA1

    08fe43602fa52cf64485c5eb49992ec62e60ca41

  • SHA256

    25668bb8b209e29ad8ee4f1083283224271223d5de207449192b19ec07022418

  • SHA512

    e1d8a7e2943d47bb332f0589fdec848a429e616b25382554320421109c2a577e5b24fbc4c500fed07fccb6f69cb3e3288ea39ed069272bf75ec3e5e39aa0f184

Malware Config

Extracted

  • Family

    azorult

  • C2

    http://45.144.225.131/index.php

Targets

    • Target

      Req for Quotation.exe

    • Azorult

      An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    • Loads dropped DLL

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext
